RE: fuseaction permissions

Steve Nelson Tue, 15 Jun 2004 06:58:07 -0700

Archive: http://www.houseoffusion.com/lists.cfm/link=i:12:6460
---
I'm not sure if we can attach files here or not, but I've attached a
permissions model I've found covers every situation I've ever needed.

It covers three basic areas of securing an application.

1)       A circuit. - a Permission can state whether a user is granted
access to any fuseactions in a circuit

2)       A Fuseaction - a Permission can state whether a user is granted
access to a fuseaction in a circuit

3)       A boolean variable - Secures some area of a fuse

The attached fuse automatically handles circuit/fuseaction security. Then it
dynamically produces the values of the boolean variables. So to secure a
section of fuse you just do this:

<cfif canEditData>

  <input....>

</cfif>

The beauty of this approach is that if you need to override the settings, it
takes nothing more than to manually set the value of the boolean variable.
<cfset canEditData=1> It doesn't require external functions or searching a
list or understanding bitAnd/bitOr. Either the variable is true or it's
false. That's it.

Steve

  _____

From: Sandy Clark [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 15, 2004 9:35 AM
To: Fusebox
Subject: RE: fuseaction permissions

Archive: http://www.houseoffusion.com/lists.cfm/link=i:12:6459
---
http://halhelms.com/index.cfm?fuseaction=newsletters.show
<http://halhelms.com/index.cfm?fuseaction=newsletters.show&issue=052203_role
sBasedSecurity> &issue=052203_rolesBasedSecurity

  _____

From: Steve Nelson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 15, 2004 9:20 AM
To: Fusebox
Subject: RE: fuseaction permissions

Archive: http://www.houseoffusion.com/lists.cfm/link=i:12:6458
---
What the heck is a lock key approach?

Steve

  _____

From: Sandy Clark [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 15, 2004 8:24 AM
To: Fusebox
Subject: RE: fuseaction permissions

Archive: http://www.houseoffusion.com/lists.cfm/link=i:12:6451
---
I am,

I've written a security plugin that I currently have in testing.  I am doing
a lock key approach.  If you are interested in helping test it, contact me.

  _____

From: Steve Nelson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 15, 2004 8:04 AM
To: Fusebox
Subject: fuseaction permissions

Archive: http://www.houseoffusion.com/lists.cfm/link=i:12:6448
---
Is anyone making use of the "permissions" attribute in the fuseaction tag in
their apps?

Steve
  _____

  _____
  _____

  _____

[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]

RE: fuseaction permissions

Reply via email to